DETAILED ACTION



1. This office action is in response to Applicant's amendment filed on January 3,
2006. Claims 1, 5, 7, 12, 18, 21 and 26 have been amended. New claim 27 is added. 
Claim 4 is cancelled. Claims 1-3 and 5-27 are pending. 



Claim Rejections - 35 USC §112 

2. In view of the amendment filed January 3, 2006, the Examiner withdraws the 
rejection of claims 4, 16-18 under 35 U.S.C. 112. 



Response to Arguments 

3. Applicant's arguments with respect to claims 1-27 have been considered but are 
moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



5. Claims 1-3, 5-8, 11-13 and 17-27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Yang United States Letter Patent Number 6,069,877 in view of 
Willins et al. (hereinafter Willins) United States Publication Number 2001/0052083 and
in view of Grube et al. (hereinafter Grube) United States Patent Number 5,555,192. 
As per claim 1 : 

Yang discloses a method for detecting clones (unauthorized duplicate identities) 
of the client, the method comprising: 

forwarding a first signal from a client, the first signal for requesting access to a
server; (Col. 2, lines 44-61; Col. 3, lines 39-45 and lines 59-60; Col. 10, lines 43-45) 

verifying that the client is authorized to access the server; (Col. 4, lines 4-5) 

receiving a second signal from an entity, the second signal for requesting access 
to the server, wherein the entity has identifying information identical to the client; (Col. 4, 
lines 6-9) and 

if the second request is received prior to expiration of the time T, either marking 
the entity as a possible clone or denying the second request in order to prevent access 
to the server. (Col. 2, line 45; Col. 4, lines 9-14; Col. 11, lines 21-28) 

In addition, Yang discloses if the identification code of the second unit is an 
apparent duplicate of the first unit and if the first unit has already registered, refusing the 
registration of the second unit. (Col. 4, lines 9-14) Yang further discloses base
stations for establishing a session with one or more of the plurality of client units and 
communicating information between a host computer and one or more mobile 
communication units. (Col. 2, lines 57-61 and Col. 3, lines 40-45). 

Yang does not explicitly disclose a KDC and transmitting a ticket from the KDC to 
the client, the ticket for providing access to the server, wherein the ticket is valid for a 
time T and marking the entity as possible clone for further investigation while granting
access to the server. 

Willins in analogous art, however, disclose a KDC and transmitting a ticket from 
the KDC to the client, the ticket for providing access to the server, wherein the ticket is 
valid for a time T. (Figure 13; Page 8, paragraph 93) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang to include 
transmitting a ticket from the KDC to the client, the ticket for providing access to the 
server, wherein the ticket is valid for a time T. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to 
do so, as suggested by, Willins (Page 2, paragraph 15) in order to provide reliable, 
authorized user access to a network, especially to electronic services in a wireless 
network. 

Both references do not explicitly disclose marking the entity as possible clone for 
further investigation while granting access to the server. Grube in analogous art, 
however, discloses marking the entity as possible clone for further investigation while 
granting access to the server. (Abstract; Col. 3, lines 7-22; Col. 4, lines 51-65) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang and Willins 
to include marking the entity as possible clone for further investigation while granting 
access to the server. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to do so, as suggested by, 
Grube (Abstract) in order to identify the duplicate ID as a potentially duplicated unit ID
code by detecting the ID code transmitted is from the same entity or not. This way, if the 
unit ID is used more than a predetermined number of times within a predetermined time, 
unauthorized duplication of unit ID code is investigated. 
As per claim 2: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a method comprising providing a 
session key in the ticket, the session key being valid for a designated duration. (Page 2, 
paragraph 18) 
As per claim 3: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a method wherein the designated 
duration is for determining the time T for which the ticket is valid. (Page 2, paragraph 
20) 

As per claim 5: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Yang further discloses a system wherein the entity is a 
clone. (Col. 2, line 45) 
As per claims 6, 24 and 25: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Yang further discloses a system wherein the identifying 
information is a client identifier copied by the clone. (Col. 3, lines 1-4)
As per claim 7: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system wherein the ticket 
further comprises an encrypted session key. (Page 2, paragraph 20) 
As per claim 8: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system comprising the client 
deriving a copy of the session key for accessing the application server. (Page 8, 
paragraph 94) 

As per claims 11, 12 and 20:

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system comprising using a key 
algorithm for authenticating communication between the KDC and the client such that 
all clients wishing access to the server are required to contact the KDC. (Page 8, 
paragraphs 89-94) 
As per claim 13: 

Yang teaches a system for detecting clones of a client within a communication 
network, the system comprising: 

a first computing device; (Figure 1, Col. 3, line 39) 

a second computing device authorized to access the first computing device; 
(Figure 1, Col. 3, lines 37-38)

receiving a second request to access the application server, the second request
being received from an entity having identifying information identical to the client; (Col. 
4, lines 6-9) and 

In addition, Yang discloses if the identification code of the second unit is an 
apparent duplicate of the first unit and if the first unit has already registered, refusing the 
registration of the second unit. (Col. 4, lines 9-14) Yang further discloses base
stations for establishing a session with one or more of the plurality of client units and 
communicating information between a host computer and one or more mobile 
communication units. (Col. 2, lines 57-61 and Col. 3, lines 40-45). Yang does not
explicitly disclose a KDC and the key management permitting the entity to access the 
first computing device provided the number of access requests received during period 
T, is M or less request. 

Willins in analogous art, however, disclose a KDC and transmitting a ticket from 
the KDC to the client, the ticket for providing access to the server, wherein the ticket is 
valid for a time T. (Figure 13; Page 8, paragraph 93) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang to include 
transmitting a ticket from the KDC to the client, the ticket for providing access to the 
server, wherein the ticket is valid for a time T. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to 
do so, as suggested by, Willins (Page 2, paragraph 15) in order to provide reliable, 
authorized user access to a network, especially to electronic services in a wireless
network. 

Both references do not explicitly disclose permitting the entity to access the first
computing device provided the number of access requests received during period T, is 
M or less request. 

Grube in analogous art, however, discloses permitting the entity to access the 
first computing device, provided the number of access requests received during period 
T, is M or less request. (Abstract; Col. 3, lines 7-22; Col. 4, lines 51-65; Col. 7, lines 61- 
67) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang and Willins 
to include permitting the entity to access the first computing device, provided the 
number of access requests received during period T, is M or less request. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so, as suggested by, Grube (Abstract) in order to 
identify the duplicate ID as a potentially duplicated unit ID code by detecting the ID code 
transmitted is from the same entity or not. This way, if the unit ID is used more than a 
predetermined number of times within a predetermined time, unauthorized duplication of 
unit ID code is investigated. 
As per claim 17: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Yang further discloses a system comprising the key 
management means denying access to the first computing device, if more than M
requests are received. (Col. 11, lines 59-60) 
As per claim 18: 

Yang teaches a system for detecting clones of a client within a communication 
network, the system comprising: 

a server; (Figure 1, Col. 3, line 39) 

a client for receiving a ticket, wherein the ticket is for accessing the server and is
valid for a time duration T; (Figure 1, Col. 3, lines 37-38)

the server receiving from the client a first request to access the server, the first 
request being accompanied by the ticket; (Col. 4, lines 6-9) 

the server recording the time duration T for which the ticket is valid; (Col. 4, lines 9-
14; Col. 11, lines 21-28) 

the server receiving from an entity a second request to access the server, the second
request being received during the time duration T, (Col. 2, line 45; Col. 4, lines 9-14; 
Col. 11, lines 21-28) 

In addition, Yang discloses if the identification code of the second unit is an 
apparent duplicate of the first unit and if the first unit has already registered, refusing the 
registration of the second unit. (Col. 4, lines 9-14) Yang further discloses base
stations for establishing a session with one or more of the plurality of client units and 
communicating information between a host computer and one or more mobile 
communication units. (Col. 2, lines 57-61 and Col. 3, lines 40-45). 



Application/Control Number: 10/086,302 Page 10 

Art Unit: 2137 

Yang does not explicitly disclose a KDC; the server flagging the second request, 
if the second request received during time duration T, as a possible fraudulent request 
from a clone while allowing access; and the server thereafter denying the second 
request if received more than a predetermined number of times during the time duration 
T. 

Willins in analogous art, however, discloses a KDC; (Figure 13; Page 8, 
paragraph 91) responsive to the first request, the KDC forwarding a first ticket for 
accessing the application server, the first ticket being valid for a time duration T. (Figure 
13; Page 8, paragraph 93) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang to include a 
KDC and responsive to the first request, the KDC forwarding a first ticket for accessing 
the application server, the first ticket being valid for a time duration T. This modification 
would have been obvious because a person having ordinary skill in the art would have 
been motivated to do so, as suggested by, Willins (Page 2, paragraph 15) in order to 
provide reliable, authorized user access to a network, especially to electronic services in 
a wireless network. 

Both references do not explicitly disclose the server flagging the second request, 
if the second request is received during the time duration T, as possible
fraudulent request from a clone while allowing access; and the server thereafter denying 
the second request if received more than a predetermined number of times during 
period T, is M or less request. 
Grube in analogous art, however, discloses the server flagging the second
request, if the second request is received during the time duration T, as
possible fraudulent request from a clone while allowing access; (Abstract; Col. 3, lines 
7-22; Col. 4, lines 51-65) and the server thereafter denying the second request if 
received more than a predetermined number of times during period T, is M or less 
request. (Abstract; Col. 3, lines 7-22; Col. 4, lines 51-65; Col. 7, lines 61-67) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang and Willins 
to include the server flagging the second request, if the second request is received
during the time duration T, as possible fraudulent request from a clone while
allowing access; and the server thereafter denying the second request if received more 
than a predetermined number of times during period T, is M or less request. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so, as suggested by, Grube (Abstract) in order to 
identify the duplicate ID as a potentially duplicated unit ID code by detecting the ID code 
transmitted is from the same entity or not. This way, if the unit ID is used more than a 
predetermined number of times within a predetermined time, unauthorized duplication of 
unit ID code is investigated. 
As per claim 19: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system comprising the KDC 
encrypting a session key within the ticket; and the client extracting a copy of the session 
key in a manner that no entity other than the client can access the session key. (Page 2,
paragraph 17)

As per claims 21 and 23: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system wherein a ticket 
granting server is the server, and the ticket is a ticket granting ticket. (Page 8, 
paragraph 91) 
As per claim 22: 

Yang teaches a method for detecting clones in a communication network, the 
method comprising: 

receiving a request to access the KDC, the request being received from an entity 
with the same identifying information as the authorized client; (Col. 4, lines 6-9) and 

In addition, Yang discloses if the identification code of the second unit is an 
apparent duplicate of the first unit and if the first unit has already registered, refusing the 
registration of the second unit. (Col. 4, lines 9-14) Yang further discloses base
stations for establishing a session with one or more of the plurality of client units and 
communicating information between a host computer and one or more mobile 
communication units. (Col. 2, lines 57-61 and Col. 3, lines 40-45). 

Yang does not explicitly disclose providing a ticket to an authorized client, the 
ticket accessing a KDC, the ticket having a session key valid for a time duration T; and if 
the request is received during time T, flagging the entity as a possible clone while 
granting access to the KDC, and thereafter denying access to the KDC if the request is
received more than a predetermined number of times. 

Willins in analogous art, however, discloses providing a ticket to an authorized 
client, the ticket accessing a KDC, the ticket having a session key valid for a time 
duration T. (Figure 13; Page 8, paragraph 93) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang to include a 
providing a ticket to an authorized client, the ticket accessing a KDC, the ticket having a 
session key valid for a time duration T. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so, 
as suggested by, Willins (Page 2, paragraph 15) in order to provide reliable, authorized 
user access to a network, especially to electronic services in a wireless network. 

Both references do not explicitly disclose if the request is received during time T, 
flagging the entity as a possible clone while granting access to the KDC, and thereafter 
denying access to the KDC if the request is received more than a predetermined 
number of times. 

Grube in analogous art, however, discloses if the request is received during time 
T, flagging the entity as a possible clone while granting access to the KDC, and 
thereafter denying access to the KDC if the request is received more than a 
predetermined number of times. (Abstract; Col. 3, lines 7-22; Col. 4, lines 51-65; Col. 7, 
lines 61-67) 
Therefore, it would have been obvious to a person having ordinary skill in the art
at the time the invention was made to modify the system disclosed by Yang and Willins 
to include if the request is received during time T, flagging the entity as a possible clone 
while granting access to the KDC, and thereafter denying access to the KDC if the 
request is received more than a predetermined number of times. This modification 
would have been obvious because a person having ordinary skill in the art would have 
been motivated to do so, as suggested by, Grube (Abstract) in order to identify the 
duplicate ID as a potentially duplicated unit ID code by detecting the ID code transmitted 
is from the same entity or not. This way, if the unit ID is used more than a 
predetermined number of times within a predetermined time, unauthorized duplication of 
unit ID code is investigated. 
As per claim 26: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Willins further discloses a system wherein the KDC is the 
server. (Page 8, paragraph 91) 
As per claim 27: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. In addition, Grube further discloses a method wherein if, during 
investigation, the second signal is received a predetermined number of times prior to
expiration of the time T, the second request is thereafter denied to prevent access to the 
server. (Abstract; Col. 3, lines 7-22; Col. 4, lines 51-65; Col. 7, lines 61-67) 
6. Claims 9-10 and 14-16 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Yang United States Letter Patent Number 6,069,877 in view of 
Willins et al. (hereinafter Willins) United States Publication Number 2001/0052083 in 
view of Grube et al. (hereinafter Grube) United States Patent Number 5,555,192 and 
further in view of Tung et al. Public Key Cryptography for Initial Authentication in 
Kerberos, Internet Draft, (hereinafter Tung). 
As per claim 9: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. None of the references explicitly discloses a system wherein the
session key is derived using a key agreement algorithm. 

Tung in analogous art, however, discloses a system wherein the session key is 
derived using a key agreement algorithm. (Section 2, paragraph 2) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang, Willins and 
Grube to include a system wherein the session key is derived using a key agreement 
algorithm. This modification would have been obvious because a person having 
ordinary skill in the art would have been motivated to do so, as suggested by, Tung 
(Section 2, paragraph 4) in order to enable access to Kerberos-secured services based 
on initial authentication using public key cryptography. 
As per claim 10: 
The combination of Yang, Willins, Grube and Tung discloses all the subject
matter as discussed above. In addition, Tung further discloses a system wherein the 
key agreement algorithm is the Diffie-Hellman algorithm. (Section 2, paragraph 3) 
As per claim 14: 

The combination of Yang, Willins and Grube discloses all the subject matter as 
discussed above. None of the references explicitly discloses a system wherein the
key management means utilizes Diffie-Hellman algorithm to distribute session keys. 

Tung in analogous art, however, discloses a system wherein the key 
management means utilizes Diffie-Hellman algorithm to distribute session keys. 
(Section 2, paragraph 3) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the system disclosed by Yang, Willins and 
Grube to include a system wherein the key management means utilizes Diffie-Hellman 
algorithm to distribute session keys. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so, 
as suggested by, Tung (Section 2, paragraph 4) in order to enable access to Kerberos- 
secured services based on initial authentication using public key cryptography. 
As per claim 15: 

The combination of Yang, Willins, and Tung discloses all the subject matter as 
discussed above. In addition, Yang further discloses a system comprising the key 
management means flagging the entity if more than M requests are received from the 
entity. (Col. 9, lines 59-60)
As per claim 16:

The combination of Yang, Willins, and Tung discloses all the subject matter as 
discussed above. In addition, Yang further discloses a system wherein the identifying 
information is a client identifier copied by the clone. (Col. 3, lines 1-4) 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Shewaye Gelagay 